Defeating UCI: Building Stealthy and Malicious Hardware

Executive Summary

In previous work Hicks et al. proposed a method called Unused Circuit Identification (UCI) for detecting malicious backdoors hidden in circuits at design time. The UCI algorithm essentially looks for portions of the circuit that go unused during design-time testing and flags them as potentially malicious. In this paper, the authors construct circuits that have malicious behavior, but that would evade detection by the UCI algorithm and still pass design-time test cases. To enable their search for such circuits, they define one class of malicious circuits and perform a bounded exhaustive enumeration of all circuits in that class.